Skip to content

Authentication

All Multilogin X API requests (except sign-in) require a Bearer Token in the Authorization header.

Sign In

Endpoint: POST https://api.multilogin.com/user/signin

bash
curl -X POST https://api.multilogin.com/user/signin \
  -H "Content-Type: application/json" \
  -d '{
    "email": "your@email.com",
    "password": "your-password"
  }'

Response:

json
{
  "status": {
    "error_code": "",
    "http_code": 200,
    "message": "Success"
  },
  "data": {
    "token": "eyJhbGciOiJSUzI1NiIs..."
  }
}

Token Lifecycle

Token TypeLifetimeRate Limits
Regular30 minutesStandard
AutomationExtendedHigher rate limits

Refreshing Tokens

Endpoint: POST https://api.multilogin.com/user/refresh_token

Always refresh before the 30-minute expiry to avoid re-authenticating.

bash
curl -X POST https://api.multilogin.com/user/refresh_token \
  -H "Authorization: Bearer YOUR_CURRENT_TOKEN"

Response:

json
{
  "status": {
    "error_code": "",
    "http_code": 200,
    "message": ""
  },
  "data": {
    "token": "eyJhbGciOiJSUzI1NiIs..."
  }
}

Automation Token

For CI/CD pipelines and long-running scripts, use an automation token which provides:

  • Longer token lifetime
  • Higher rate limits
  • No need for frequent refreshes

Using the Token

Include the token in every request as a Bearer header:

bash
curl -X GET https://api.multilogin.com/some/endpoint \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json"

Password Management

Change Password

Endpoint: POST https://api.multilogin.com/user/change_password

bash
curl -X POST https://api.multilogin.com/user/change_password \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "current_password": "old-password",
    "new_password": "new-password"
  }'

Reset Password

Endpoint: POST https://api.multilogin.com/user/reset_password

bash
curl -X POST https://api.multilogin.com/user/reset_password \
  -H "Content-Type: application/json" \
  -d '{"email": "your@email.com"}'

Best Practices

Token Management

  • Refresh tokens before the 30-minute expiry, not after
  • Use automation tokens for scripts and CI/CD
  • Handle 401 Unauthorized by re-authenticating
  • Handle 429 Too Many Requests with exponential backoff

Security

  • Never commit tokens to source control
  • Store tokens in environment variables
  • Rotate passwords regularly